Embodiments of this disclosure relate to the field of security testing of web applications or services and, more particularly, to security testing of web applications with specialized payloads.
Security testing is an important area of research and development. The rapid growth of mobile applications, web applications, and web services creates many opportunities for security attacks, thus emphasizing the need for quality testing of such applications.
One of the main challenges in security testing is to synthesize quality payloads, which are likely to demonstrate vulnerabilities in the target software system if such vulnerabilities indeed exist.
Current techniques rely on a generic pool of test payloads. These are not specific to the target application. Instead, a security expert defines all the payloads in advance, and the testing tool is then responsible for choosing which of the predefined payloads to send and in what order.
Advanced products have some limited adaptation capabilities, deciding which payloads from the pool to try when testing a given application. In these products, the choice of the next payload is based on an analysis of why the last payload failed.
The testing tool has limited insight into the workings of server-side defenses. This has traditionally led commercial as well as research vulnerability scanners toward heuristic approaches, such as testing each input point (e.g., a Hypertext Transfer Protocol (HTTP) parameter) with a short, predefined list of effective test payloads to strike a balance between coverage and performance.